National Cyber Security Awareness Month has produced quite a bit of useful information. One topic that continues to dominate the security headlines is social engineering attacks. Last week we went through a spear phishing email. This week, we’ll look at how some social engineers get the information they use to go after you, social networking sites.
Social networking sites have changed the way we communicate and keep track of one-another. There have been great advantages to these innovative services, from staying connected with distant friends and relatives to helping us promote and find new jobs. As with any great advancement in technology, folks have found ways to exploit them to harm others. Social networking sites have been used to gather information to improve social engineering attacks, spread malware, and establish new forms of old malicious activities, such as with cyber bullying. Below are some quick tips and resources to better protect yourself and your social networking profiles from malicious attacks.
- Use different passwords for each site or service you use. This way, if one site’s security or password is compromised, the threat is contained to just the site or service affected.
- Know what the site or service does with your information. Read the privacy statements for each service you use. The best way to know what these sites can and may do with your information is to read the privacy statements, which typically provide instructions for what settings to change to opt-out or opt-in to a privacy feature.
- Share responsibly. Remember, what you put out into the web, stays on the web. If you have information or a photo that you wouldn’t want broadcasted out to the general web, don’t put it on your site or service. Even when you have all the privacy settings turned on and you chose to share only to your friends, content can still make its way out of those boundaries you’ve created.
- Think before you click. Social networking sites are a treasure trove for social engineers. An increasing number of phishing attacks are using information obtained from your social networking site profiles, and those of your friends, to craft very specific and intricate emails used to trick you into a nefarious activity. Be cautious and think before you click on any links within emails.
- Stay informed. Follow us on Twitter! We follow some lots of useful resources that will keep you up to date on all sorts of cyber security topics.